USG110 & L2TP / IPSec with IKEv2

mrwee

Hi. I'm struggling to get IKEv2 implemented on my USG110. I can get my iPhone to connect well enough, but I can't seem to get both LAN & internet access at the same time. I've previously had IKEv1 working, so I just copied the Policy Routing & Control to the newly created VPN elements. But it doesn't work. I've tried changing the "Local Policy" under the VPN Connection, but no setting have provided both.

Is there a complete example somewhere?

Zyxel_Emily

Hi @mrwee,

 

You can follow the instructions in the attached document to configure IKEv2.

Create a policy route for Internet access.

mrwee

Thank you. This looks very useful. In trying to make this work, I've fiddled with "Use Policy Route to Security control dynamic IPSec rules". Is it correctly understood that if this is enabled, then no Policies needs to be configured manually? Even if I use Policy Routing (Under network)?

Thanks for your support, it's great to have this forum!

Zyxel_Emily

Hi @mrwee,

 

The ZyWALL creates routes for dynamic VPN automatically.

You can create and use policy routes to control IPSec traffic if "Use Policy Route to control dynamic IPSec rules" is enabled.

This feature provides more flexible management for IPSec VPN dynamic peer.

mrwee

Ok, thanks for the clarification. I still haven't got it working, but I'll try to troubleshoot it.